Back to Home

Privacy Policy

Last Updated: February 10, 2026 | Effective Date: February 10, 2026

TL;DR: We collect only the information necessary to provide our consulting services, we never sell your personal data, and you have full control over your information at all times.

1. Introduction

Elysium Agency LLC ("Elysium Agency," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard the personal data of visitors to our website (https://elysium-agency.com), clients, prospective clients, and other individuals who interact with our business consulting and strategic advisory services.

As the data controller, Elysium Agency LLC, located at 1209 Mountain Road PL NE, Ste R, Albuquerque, NM 87110, is responsible for the processing of your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation.

By accessing our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our website and services.

2. Information We Collect

A) Information You Provide Directly

  • Contact Information: Full name, email address, phone number, company name, and job title when you submit a consultation request, contact form, or sign up for our newsletter.
  • Professional Information: Industry, company size, revenue range, and business challenges shared during discovery calls and engagements.
  • Communication Data: Emails, messages, and other correspondence you send to us, including attachments and project briefs.
  • Engagement Data: Information related to our consulting services, including project details, deliverables, meeting notes, and feedback provided during the course of an engagement.
  • Payment Information: Billing details necessary to process invoices and payments. We do not store complete credit card numbers; payment processing is handled by PCI-compliant third-party providers.

B) Information Collected Automatically

  • Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on each page, clickstream data, referring URLs, and exit pages.
  • Location Data: Approximate geographic location derived from your IP address.
  • Cookies & Identifiers: Cookies, web beacons, pixel tags, and similar technologies as described in our Cookie Policy.
  • Server Logs: Standard web server logs including access timestamps, request methods, and response codes.

C) Information from Third Parties

  • Referrals: Information provided by mutual contacts, partners, or industry networks when recommending our services.
  • Public Sources: Publicly available business information from LinkedIn, company websites, SEC filings, and industry databases for research and outreach purposes.
  • Service Providers: Analytics providers, CRM platforms, and email marketing tools that help us understand how users interact with our website.

3. How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: To provide, manage, and improve our business consulting and advisory services, including project management, communication, and deliverable creation.
  • Communication: To respond to your inquiries, schedule consultations, send engagement updates, and provide client support.
  • Proposals & Contracts: To prepare customized service proposals, contracts, and statements of work based on your specific needs.
  • Analytics & Improvement: To analyze website traffic patterns, understand user behavior, and improve our website's functionality and content.
  • Marketing: To send newsletters, industry insights, case studies, and information about our services (only with your explicit consent or where permitted by law).
  • Legal & Compliance: To comply with applicable laws, regulations, and legal processes, and to protect our legal rights and interests.
  • Security: To detect, prevent, and address fraud, unauthorized access, and other potentially illegal activities.
  • Business Operations: For internal administration, accounting, auditing, and record-keeping purposes.

4. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

Legal Basis Processing Activity
Consent Marketing emails, newsletter subscriptions, non-essential cookies, and voluntary form submissions.
Contract Performance Processing data necessary to deliver consulting services, manage engagements, and fulfill contractual obligations.
Legitimate Interest Website analytics, fraud prevention, service improvement, and business communications that do not override your rights.
Legal Obligation Tax reporting, regulatory compliance, and responding to lawful government requests.

5. Sharing Your Information

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes. Ever.

We may share your information with the following categories of recipients:

  • Service Providers: Trusted third-party vendors who assist us in operating our business, including:
    • Cloud hosting and infrastructure (Amazon Web Services, Google Cloud)
    • Email services (Google Workspace, SendGrid)
    • Analytics (Google Analytics)
    • CRM and project management (HubSpot, Asana)
    • Payment processing (Stripe)
  • Professional Advisors: Accountants, lawyers, and auditors who require access to personal data to provide professional advice.
  • Legal Requirements: When required by law, court order, subpoena, or to protect our rights, property, or safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity.
  • With Your Consent: In any other circumstances where you have given explicit consent.

All third-party service providers are contractually obligated to process your data only as instructed by us and in accordance with applicable data protection laws.

6. International Data Transfers

Elysium Agency LLC is based in the United States. If you are accessing our website or services from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all sub-processors
  • Additional supplementary measures where required, including encryption and access controls

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

Data Type Retention Period
Contact form submissions 2 years from last interaction
Client engagement records 7 years after engagement completion (legal requirement)
Newsletter subscribers Until unsubscribe or consent withdrawal
Website analytics data 26 months (Google Analytics default)
Financial/billing records 7 years (tax compliance)
Cookie consent preferences 12 months

When personal data is no longer required, it is securely deleted or anonymized in accordance with our data destruction procedures.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Restrict Processing: Request limitation of processing in certain circumstances.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, please contact us at info@elysium-agency.com with the subject line "Privacy Rights Request." We will respond within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing your request.

9. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS (256-bit encryption).
  • Access Controls: Access to personal data is restricted to authorized personnel who need it to perform their duties, with role-based access controls and multi-factor authentication.
  • Infrastructure Security: Our hosting infrastructure is protected by firewalls, intrusion detection systems, and regular security patches.
  • Regular Backups: Automated encrypted backups with secure offsite storage and tested disaster recovery procedures.
  • Employee Training: All team members receive regular data protection and security awareness training.
  • Incident Response: In the event of a data breach, we will notify affected individuals and relevant supervisory authorities within 72 hours as required by GDPR.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest standards of data protection.

10. Children's Privacy

Our website and services are designed for business professionals and are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such information. If you believe that a child under 16 has provided us with personal data, please contact us immediately at info@elysium-agency.com.

11. Marketing Communications

With your explicit consent, we may send you:

  • Monthly newsletters with industry insights and market analysis
  • Case studies and white papers relevant to your industry
  • Invitations to webinars, events, and workshops
  • Updates about our services and new consulting offerings

You can unsubscribe from marketing communications at any time by clicking the "Unsubscribe" link in any marketing email, or by contacting us at info@elysium-agency.com. Please note that even after unsubscribing from marketing emails, we may still send you transactional communications related to active engagements.

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic. For detailed information about the cookies we use, how to manage your preferences, and your choices, please refer to our comprehensive Cookie Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Post a prominent notice on our website
  • Send a notification email to active clients and subscribers for significant changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact & Data Protection

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: info@elysium-agency.com
  • Address: Elysium Agency LLC, 1209 Mountain Road PL NE, Ste R, Albuquerque, NM 87110, United States
  • Subject Line: "Privacy Inquiry"

For EU residents, if you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

15. Jurisdiction-Specific Rights

For European Union Residents (GDPR)

In addition to the rights listed above, EU residents are entitled to full GDPR protections, including the right to lodge a complaint with your local supervisory authority. The applicable legal basis for each processing activity is detailed in Section 4 of this policy.

For California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses
  • The right to opt out of the sale of personal information (we do not sell your data)
  • The right to non-discrimination for exercising CCPA rights
  • The right to correct inaccurate personal information
  • The right to limit the use and disclosure of sensitive personal information

For United Kingdom Residents (UK GDPR)

UK residents are protected by the UK GDPR and the Data Protection Act 2018. Your rights mirror those under the EU GDPR. Complaints may be lodged with the Information Commissioner's Office (ICO).

For New Mexico Residents

As a business based in Albuquerque, New Mexico, we comply with all applicable state data protection regulations. New Mexico residents may contact us directly for any privacy-related inquiries.